diff --git a/lib/dependabot/metadata_finders/go/dep.rb b/lib/dependabot/metadata_finders/go/dep.rb index b95709af550d..5fd114d6e2a4 100644 --- a/lib/dependabot/metadata_finders/go/dep.rb +++ b/lib/dependabot/metadata_finders/go/dep.rb @@ -9,9 +9,22 @@ class Dep < Dependabot::MetadataFinders::Base private def look_up_source - # Hit the registry (or some other source) and get details of the - # location of the source code for the given dependency - Source.new(host: "github.com", repo: "my-org/my-dependency") + # TODO: A more general way to do this? + source_string = specified_source_string. + gsub(%r{^golang\.org/x}, "github.com/golang") + + Source.from_url(source_string) + end + + def specified_source_string + sources = dependency.requirements. + map { |r| r.fetch(:source) }.uniq.compact + + raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1 + + sources.first&.fetch(:source, nil) || + sources.first&.fetch("source") || + dependency.name end end end diff --git a/spec/dependabot/metadata_finders/go/dep_spec.rb b/spec/dependabot/metadata_finders/go/dep_spec.rb index e047780b381e..444590b1cbe5 100644 --- a/spec/dependabot/metadata_finders/go/dep_spec.rb +++ b/spec/dependabot/metadata_finders/go/dep_spec.rb @@ -1,8 +1,69 @@ # frozen_string_literal: true +require "dependabot/dependency" require "dependabot/metadata_finders/go/dep" require_relative "../shared_examples_for_metadata_finders" RSpec.describe Dependabot::MetadataFinders::Go::Dep do it_behaves_like "a dependency metadata finder" + + let(:dependency) do + Dependabot::Dependency.new( + name: dependency_name, + version: "2.1.0", + requirements: requirements, + package_manager: "dep" + ) + end + let(:requirements) do + [{ + file: "Gopkg.toml", + requirement: "v2.1.0", + groups: [], + source: source + }] + end + subject(:finder) do + described_class.new(dependency: dependency, credentials: credentials) + end + let(:credentials) do + [{ + "type" => "git_source", + "host" => "github.com", + "username" => "x-access-token", + "password" => "token" + }] + end + let(:dependency_name) { "github.com/satori/go.uuid" } + let(:source) { nil } + + describe "#source_url" do + subject(:source_url) { finder.source_url } + + context "with a github name" do + it { is_expected.to eq("https://github.com/satori/go.uuid") } + + context "and no requirements" do + it { is_expected.to eq("https://github.com/satori/go.uuid") } + end + + context "that uses golang.org" do + let(:dependency_name) { "golang.org/x/text" } + it { is_expected.to eq("https://github.com/golang/text") } + end + end + + context "with a source" do + let(:source) do + { + type: "default", + source: "github.com/alias/go.uuid", + branch: nil, + ref: nil + } + end + + it { is_expected.to eq("https://github.com/alias/go.uuid") } + end + end end